Method, apparatus and computer program product for a content protection system for protecting personal content

ABSTRACT

An apparatus for providing a content protection system for protecting personal content may include a processor configured to receive an indication of personal content submitted for inclusion in a content protection system, and determine admissibility of the personal content to the content protection system based at least in part on indicia associated with a source device from which the personal content originated. A corresponding method and computer program product are also provided.

TECHNOLOGICAL FIELD

Embodiments of the present invention relate generally to content sharingtechnology and, more particularly, relate to an apparatus, method and acomputer program product for providing a content protection system forprotecting personal content.

BACKGROUND

The modern communications era has brought about a tremendous expansionof wireline and wireless networks. Computer networks, televisionnetworks, and telephony networks are experiencing an unprecedentedtechnological expansion, fueled by consumer demand. Wireless and mobilenetworking technologies have addressed related consumer demands, whileproviding more flexibility and immediacy of information transfer.

Current and future networking technologies continue to facilitate easeof information transfer and convenience to users by expanding thecapabilities of mobile electronic devices. One area in which there is ademand to increase ease of information transfer relates to the sharingof information between multiple devices and potentially between multipleusers. In this regard, given the ability for modern electronic devicesto create and modify content, and also to distribute or share content,it is not uncommon for users of such devices to become prolific usersand producers of media content. Networks and services have beendeveloped to enable users to move created content to various pointswithin the networks.

To complement mechanisms for distribution and sharing of personalcontent, mechanisms have also been developed to provide for distributionof commercial content. In order to prevent unauthorized use or copyingof commercial content, there has been an increased need for contentprotection sometimes in the form of digital rights management (DRM).Content protection systems such as, for example, DVB CPCM (Digital VideoBroadcast Content Protection and Copy Management) have been developed toprovide protection against inappropriate use of commercial content. DVBCPCM manages usage of commercial digital content delivered to consumerproducts and home networks from acquisition into the system until finalconsumption, or export from the system, in accordance with theparticular usage rules associated with the commercial digital content.Examples of commercial digital content may include all types of contentsuch as audio, video and associated applications and data any of whichmay be received via broadcast services, Internet-based services,packaged media, and mobile services, and the like. An exemplary contentprotection system such as DVB CPCM may provide specifications tofacilitate interoperability of content after acquisition by networkedconsumer devices for both home networking and remote access. Thus, atypical content protection system may define signaling and technicalcompliance standards to ensure interoperability.

Given that a content protection system that is designed to provideprotection for commercial content may add some implication of legitimacyto the content being presented by the system, offering content via acontent protection system may be a desirable mechanism by which certainindividuals may desire to offer personal content to others. However, theimplication of legitimacy may be misused in some cases. For example,bootlegged movies, music and other content that has been illegallycopied or acquired may undergo “content laundering” by uploading suchcontent to a content protection system and making the content freelyavailable via the content protection system. To prevent contentlaundering from making illegitimate content appear to be legitimate,many content providers are reluctant to accept any personal oruser-created content into a content protection system.

Despite the issues described above, there may be legitimate reasons whypersonal content may benefit from being protected via a contentprotection system. For example, a user may wish to send photographs froma party to individuals who where at the party, but may not wish to allowthose individuals to further distribute the content to their friends orpost the content on the Internet. Accordingly, it may be desirable toprovide an improved content protection system with respect to handlingpersonal content.

BRIEF SUMMARY

A method, apparatus and computer program product are therefore providedthat may provide a content protection system for handling personalcontent. Thus, for example, it may be possible to enable distribution ofpersonal content through a content protection system to other users withrestrictions on the activities such users may undertake with respect tothe distributed content. Furthermore, it may be possible to freely movecontent (and possibly copy) content between different devices of theuser providing the content for distribution.

In an exemplary embodiment, a method of providing a content protectionsystem for protecting personal content is provided. The method mayinclude receiving an indication of personal content submitted forinclusion in a content protection system, and determining admissibilityof the personal content to the content protection system based at leastin part on indicia associated with a source device from which thepersonal content originated.

In another exemplary embodiment, a computer program product forproviding a content protection system for protecting personal content isprovided. The computer program product includes at least onecomputer-readable storage medium having computer-executable program codeinstructions stored therein. The computer-executable program codeinstructions may include program code instructions for receiving anindication of personal content submitted for inclusion in a contentprotection system, and determining admissibility of the personal contentto the content protection system based at least in part on indiciaassociated with a source device from which the personal contentoriginated.

In another exemplary embodiment, an apparatus for providing a contentprotection system for protecting personal content is provided. Theapparatus may include a processor. The processor may be configured toreceive an indication of personal content submitted for inclusion in acontent protection system, and determine admissibility of the personalcontent to the content protection system based at least in part onindicia associated with a source device from which the personal contentoriginated.

In an exemplary embodiment, an apparatus for providing a contentprotection system for protecting personal content is provided. Theapparatus may include means for receiving an indication of personalcontent submitted for inclusion in a content protection system, andmeans for determining admissibility of the personal content to thecontent protection system based at least in part on indicia associatedwith a source device from which the personal content originated.

Accordingly, embodiments of the present invention may enable improvedcapabilities with respect to sharing content on multiple devices.

BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWING(S)

Having thus described the invention in general terms, reference will nowbe made to the accompanying drawings, which are not necessarily drawn toscale, and wherein:

FIG. 1 is a schematic block diagram of a system according to anexemplary embodiment of the present invention;

FIG. 2 is a schematic block diagram of an apparatus for providing acontent protection system for protection of personal content accordingto an exemplary embodiment of the present invention; and

FIG. 3 is a flowchart according to an exemplary method for providing acontent protection system for protecting personal content according toan exemplary embodiment of the present invention.

DETAILED DESCRIPTION

Some embodiments of the present invention will now be described morefully hereinafter with reference to the accompanying drawings, in whichsome, but not all embodiments of the invention are shown. Indeed,various embodiments of the invention may be embodied in many differentforms and should not be construed as limited to the embodiments setforth herein. Like reference numerals refer to like elements throughout.As used herein, the terms “data,” “content,” “information” and similarterms may be used interchangeably to refer to data capable of beingtransmitted, received and/or stored in accordance with embodiments ofthe present invention. Moreover, the term “exemplary”, as used herein,is not provided to convey any qualitative assessment, but instead merelyto convey an illustration of an example. Thus, use of any such termsshould not be taken to limit the spirit and scope of embodiments of thepresent invention.

As indicated above, embodiments of the present invention may be employedin methods, apparatuses and computer program products in order toprovide a content protection system with capabilities for handlingpersonal content while addressing content provider concerns regardingthe possibility of content laundering. In this regard, for example,embodiments of the present invention may provide for personal content tobe introduced into the content protection system when certain conditionsare met. One example condition for introduction of personal content intothe content protection system may include source authentication. In thisregard, if the content to be introduced into the system originates froman authenticated source of personal content, the content may be allowedinto the system. Another example condition may include copyingrestrictions. In this regard, for example, a usage state associated withthe content to be introduced into the system may not allow unrestrictedcopying of the content (at least to devices not associated with theauthorized domain of the user proving the content) in order to removethe typical motivation of content launders. As yet another examplecondition, personal content may be segregated from commercial contentwhile in the content protection system. Segregation of personal andcommercial content may facilitate managing personal content withslightly different usage rules and potential extensions to existingcontent protection system usage states to enable provision of personalcontent protection.

Thus, personal content may be created, copied, modified and distributedin association with the content protection system and benefit from theprotections afforded by the system. However, even though embodiments ofthe present invention may enable a user to place restrictions ondistribution of personal content to other users, an authorized domain ofthe user, which may include personally owned devices (e.g., a mediaplayer, a mobile telephone, a laptop computer or personal computer (PC),a camera or video camera, and/or others) of the user that are registeredas belonging to the user, may be enabled to freely move content betweendevices.

FIG. 1 illustrates a block diagram of a system that may benefit fromembodiments of the present invention. It should be understood, however,that the system as illustrated and hereinafter described is merelyillustrative of one system that may benefit from embodiments of thepresent invention and, therefore, should not be taken to limit the scopeof embodiments of the present invention. Moreover, although DVB CPCM isreferred to as one example of a content protection system, it should beunderstood that embodiments of the present invention are not limited toapplication with DVB CPCM, but may be used in connection with othercontent protection systems as well.

As shown in FIG. 1, an embodiment of a system in accordance with anexample embodiment of the present invention may include a user terminal10 capable of communication with numerous other devices including, forexample, a service platform 20 via a network 30. The service platform 20may be a server, server bank or other computer configured to provide oneor more services (e.g., Internet services) via the network 30. In anexemplary embodiment, the service platform 20 may provide, among otherthings, content management, content sharing, content acquisition andother services related to communication and media content. Nokia's Ovisuite is an example of a service provision mechanism that may beassociated with the service platform 20. In some cases, the serviceplatform 20 may include, be associated with, or otherwise be functionalin connection with a content protection system 22. The contentprotection system 22 may be configured to provide content protectionservices as described herein in order to enable DRM with respect tocontent introduced into the content protection system 22. The contentprotection system 22 may be any means such as a device or circuitryembodied in hardware, software or a combination of hardware and softwarethat is configured to perform the corresponding functions of the contentprotection system 22 as described herein. As such, for example, thecontent protection system 22 may, in some cases, be embodied as aserver, server bank or other computing device. The content protectionsystem 22 may be configured to provide for storage of content (in somecases segregated on the basis of commercial or personal contentclassification) and distribution according to specified rules. Forexample, content may only be distributed to authorized users.

In an exemplary embodiment, a content protection agent 24 may beemployed to screen content intended for submission to the contentprotection system 22. In this regard, for example, the contentprotection agent 24 may act as a gateway or access control mechanismconfigured to apply predefined rules and or criteria in order todetermine whether content submitted for inclusion in the contentprotection system 22 is allowed to be entered into the contentprotection system 22. Furthermore, if the submitted content is selectedby the content protection agent 24 for inclusion in the contentprotection system 22, the content protection agent 24 may defineconditional parameters or usage state parameters that may apply to thecontent. The usage state parameters may instruct the content protectionsystem 22 in relation to specific rules governing storage and/ordistribution of the content. The content protection agent 24 may be anymeans such as a device or circuitry embodied in hardware, software or acombination of hardware and software that is configured to perform thecorresponding functions of the content protection agent 24 as describedherein. In some cases, the content protection agent 24 may be embodiedat the content protection system 22, as shown in FIG. 1. However, inalternative embodiments, the content protection agent 24 may be embodiedat another device in the system (e.g., at the service platform 20, theuser terminal 10, etc.).

In some embodiments of the present invention, the system may furtherinclude one or more additional devices such as personal computers (PCs),servers, network hard disks, file storage servers, and/or the like, thatare capable of communication with the user terminal 10 and accessible bythe service platform 20. In some cases, the user terminal 10 may be anacquisition point for content entering the content protection system 22(e.g., via the content protection agent 24). As such, the user terminal10 may be enabled to provide content directly to the content protectionsystem 22. However, in some embodiments, the user terminal 10 may beconfigured to provide content to the content protection system 22 via aphysically separate acquisition point in the form of the contentprotection agent 24. The acquisition point (e.g., in the form of thecontent protection agent 24) may be a communication device capable ofcommunication with one or more user terminals in order to providecontent submitted by the user terminal(s) to the content protectionsystem 22. As such, the acquisition point, which may itself be embodiedas a computing device, server or other communication device or as aportion of a computing device, server or other communication deviceconfigured to communicate with the content protection system 22 via thenetwork 30, may be an agent configured to determine whether the sourceof the content is an authorized and/or trusted device for submittingcontent to the content protection system 22.

The user terminal 10 may be any of multiple types of fixed or mobilecommunication and/or computing devices such as, for example, portabledigital assistants (PDAs), pagers, mobile televisions, mobiletelephones, gaming devices, laptop computers, PCs, cameras, cameraphones, video recorders, audio/video players, radios, global positioningsystem (GPS) devices, or any combination of the aforementioned, andother types of voice and text communications systems, which employembodiments of the present invention.

The network 30 may include a collection of various different nodes,devices or functions that may be in communication with each other viacorresponding wired and/or wireless interfaces. As such, theillustration of FIG. 1 should be understood to be an example of a broadview of certain elements of the system and not an all inclusive ordetailed view of the system or the network 30. Although not necessary,in some embodiments, the network 30 may be capable of supportingcommunication in accordance with any one or more of a number offirst-generation (1G), second-generation (2G), 2.5G, third-generation(3G), 3.5G, 3.9G, fourth-generation (4G) mobile communication protocols,Long Term Evolution (LTE), and/or the like. Thus, the network 30 may bea cellular network, a mobile network and/or a data network, such as alocal area network (LAN), a metropolitan area network (MAN), and/or awide area network (WAN), e.g., the Internet. In turn, other devices suchas processing elements (e.g., personal computers, server computers orthe like) may be included in or coupled to the network 30. By directlyor indirectly connecting the user terminal 10 and the other devices tothe network 30, the user terminal 10 and/or the other devices may beenabled to communicate with each other, for example, according tonumerous communication protocols including Hypertext Transfer Protocol(HTTP) and/or the like, to thereby carry out various communication orother functions of the mobile terminal 10 and the other devices,respectively. As such, the user terminal 10 and the other devices may beenabled to communicate with the network 30 and/or each other by any ofnumerous different access mechanisms. For example, mobile accessmechanisms such as wideband code division multiple access (W-CDMA),CDMA2000, global system for mobile communications (GSM), general packetradio service (GPRS) and/or the like may be supported as well aswireless access mechanisms such as wireless LAN (WLAN), WorldwideInteroperability for Microwave Access (WiMAX), WiFi, ultra-wide band(UWB), Wibree techniques and/or the like and fixed access mechanismssuch as digital subscriber line (DSL), cable modems, Ethernet and/or thelike. Thus, for example, the network 30 may be a home network or othernetwork providing local connectivity.

In an example embodiment, the service platform 20 may be a device ornode such as a server or other processing element. The service platform20 may have any number of functions or associations with variousservices. As such, for example, the service platform 20 may be aplatform such as a dedicated server (or server bank) associated with aparticular information source or service (e.g., Nokia's Ovi suite), orthe service platform 20 may be a backend server associated with one ormore other functions or services. As such, the service platform 20represents a potential host for a plurality of different services orinformation sources. In some embodiments, the functionality of theservice platform 20 is provided by hardware and/or software componentsconfigured to operate in accordance with known techniques for theprovision of information to users of communication devices. However, atleast some of the functionality provided by the service platform 20 maybe data processing and/or service provision functionality provided inaccordance with embodiments of the present invention.

The term “personal content” as used herein may refer to contentincluding, audio, video and/or media content that is not commercial innature. In other words, personal content is not distributed in exchangefor monetary compensation. Embodiments of the present invention enablepersonal content to be introduced into a content protection system 22via an acquisition point (e.g., the content protection agent 24) that isauthorized to provide such content. In some embodiments, the acquisitionpoint may be integrated within the user terminal 10. As such, forexample, the user terminal 10 may represent a single physical deviceconfigured to create content (e.g., via a camera and perhaps also amicrophone) and also provide the created content to the contentprotection system 22. By robust construction, the user terminal 10according to this example may be configured to prevent digital contentfrom other, unauthorized sources from being introduced to the contentprotection system 22 via the acquisition point 40.

In an alternative embodiment, the acquisition point may not be a part ofthe user terminal 10. As such, for example, the user terminal 10 may beconnected to the acquisition point via the network 30, in some cases,via a secure link. In such an embodiment, the acquisition point may beconfigured to determine whether the source of the content submitted(e.g., the user terminal 10) is capable of being positivelyauthenticated. In this regard, for example, the acquisition point may beconfigured to utilize a digital certificate associated with the sourceas a tool for authentication of the source of personal content.

In another alternative embodiment, the user terminal 10 (e.g., as anauthentic source of personal content) may mark the content with awatermark or other identifier, which positively identifies the contentas originating from an authentic source of personal content. Theacquisition point may be configured to look for the watermark as acondition for allowing the content to enter the content protectionsystem.

In yet another alternative embodiment of the present invention, theacquisition point may be implemented as part of a trusted contentsharing service (e.g., the service platform 20) associated with aparticular user account, and therefore part of the particular user'sauthorized domain. A digital fingerprint such as pHash (a perceptualhashing algorithm) may be calculated for each item of content (orrandomly for some of the content items) uploaded by users to a contentsharing service of the service platform 20. The digital fingerprint maybe compared pairwise against known fingerprints of commercial contentitems. If an exact or near match is determined, results may include:blocking the user's current upload and possibly future uploads to theacquisition point, and/or notifying the content owner. Since checkingthe hash of each user-provided content clip against hashes of a largenumber of commercial content items may be a time consuming evolution,and consumption of too much time may be undesirable, in some embodimentsthe check of hashes may be done as a background job on the server side(e.g., at the service platform 20) without causing a delay to the userin relation to uploading the content. In some embodiments, the check maybe done only on some portion of the content submitted on, for example, arandom sampling basis. Such a random check may still act as a deterrentfor illegal commercial content redistribution attempts.

In some cases, a separate personal content signing unit 12 may beincluded or otherwise usable in connection with existing photo or videocapturing/editing devices to sign content with the user's personalsignature or some other indicia associated with the user and registeredto the service platform 20 for the user. The content signing unit 12 maybe any means such as a device or circuitry embodied in hardware,software or a combination of hardware and software that is configured toperform the corresponding functions of the content signing unit 12 asdescribed herein. Although shown in connection with the user terminal 10in FIG. 1, the content signing unit 12 may alternatively be located atanother location in the user's home, co-located with the serviceplatform 20, or at the premises of a trusted third party. As such, usersmay register their corresponding contact information to a contentsharing service provider associated with the service platform 20. Theregistered contact information may be associated with the signature orother indicia of the user's cameras or other content creation devices ormay be associated with the personal signature of the user. In somecases, the contact information may only be accessible to authorities,for example, encrypted with key escrow in a database of the contentsharing service provider, to assist in investigations of illegalcommercial content redistribution.

The signature or other indicia of the user or of the user's contentcreation devices (e.g., camera) may also serve as a digital fingerprint,deterring attempts to use the camera to capture a movie or othercommercial content off the screen of some other device. In some cases,fingerprints may allow tracing back to the source of content to therebydeter some legitimate activities, e.g. posting police brutality videoson a public content sharing service (e.g., YouTube). Thus, it may beadvantageous to employ fingerprinting in a manner that makes it possibleto prove that a certain video came from a corresponding certain camera,but impossible (at least without proper authorization) to compare twovideos and prove they came from the same camera. One approach for doingthis may be to include a random number in a signature block and encryptthe signature block with a public key associated with the contentsharing service provider. Thus, only the content sharing serviceprovider may be able to decrypt the signature block with thecorresponding private key, after which signature checking may bepossible.

In an exemplary embodiment, encrypting the signature block may beaccomplished by an entity E, which may be, for example, the deviceoriginating personal content or a separate content signing unit. Anexemplary procedure for creating the signature block is described below.However, it should be understood that the procedure described herein ismerely one example and does not limit embodiments of the presentapplication. In one example, a hash H(M) over media content mayinitially be calculated. The hash and the device ID may be encryptedwith a unique session key K using symmetric encryption (e.g.,E_(K)(H(M), ID)). The session key may be encrypted with the public keyof the content sharing service provider E_(S)(K). The signature blockmay be the concatenation of the encrypted session key and the result ofthe symmetric encryption (e.g., SB(M)=E_(S)(K), E_(K)(H (M), ID)). In anexemplary embodiment, as a reverse process, the sharing service providermay be able to use its private key to obtain the session key K of asignature block K=D_(S)(E_(S)(K)). The sharing service provider may alsoor alternatively be able to use session key K to obtain the device ID,together with the hash that correlates the signature block with thecontent (e.g., H(M), ID=D_(K)(E_(K)(H(M), ID))). With reference to theequations above, the term ID refers to a unique identifier of a deviceoriginating personal content. The term M refers to content such as, forexample, a video, audio or photos. The term SB(M) refers to thesignature block for content M. The term K refers to the unique sessionkey. The term E_(K) ( ) refers to encryption of a message with key K.The term E_(S)( ) refers to encryption of a message with the public keyof an sharing service provider. The term D_(S)( ) refers to decryptionof a message with the corresponding private key of a sharing serviceprovider. The term H( ) refers to calculation of a digest with a hashfunction, for example SHA or MD5.

An exemplary use case for protecting personal content may includeproviding enablement for giving single copies of pictures tosemi-trusted friends and acquaintances, but preventing the recipients ofthe single copies from making further copies. In such a case,embodiments of the present invention may enable a provider of mediacontent to freely copy the media content to the provider's authorizeddomain, but the media content may be marked “Copy No More” or in someother suitable fashion to prevent copying outside of the authorizeddomain. Since current content protection systems (e.g., the current DVBCPCM specification) do not include a usage state for restricting copyingbeyond the authorized domain, embodiments of the present invention mayprovide a usage state extension to enable such restriction.

As an alternative, content may be uploaded to a content sharing website(e.g., Ovi), which may provide access control to limit parties to whichcontent viewing privileges are extended. The content may have a usagestate set to enable viewing within the content protection system (e.g.,VCPCM=Viewable within the entire CPCM system), but limit movement and/orcopying of content to within the authorized domain (e.g., MAD=Movablewithin Authorized Domain). In an exemplary embodiment, software,hardware or a combination of software and hardware implemented at thecontent protection agent 24 in the form of an apparatus for employingembodiments of the present invention (e.g., apparatus 50 of FIG. 2) mayimplement a single content protection agent 24 for managing contentdistribution for all users or a separate content management entity foreach registered user. Thus, in some embodiments, a separate instance ofthe content protection agent 24 in the form of a content protection andcopy management mechanism or device may be instantiated for eachregistered user that can upload content. Each instance may then bejoined to the authorized domain of the corresponding registered userbefore content is enabled to be uploaded. The access control may, insome embodiments, be based on passwords, and the password utilized forviewing may be different than the password utilized for joining acertain user's instance of the content protection agent 24 to his or herauthorized domain.

In an exemplary embodiment, the content protection agent 24 may beconfigured to record or otherwise have access to information indicativeof authentic sources of personal content. In some cases, certain kindsof devices may be considered authentic sources of personal content.Authentic sources may include cameras (e.g., still cameras or videocameras), musical instruments or players, and other devices (possiblyalso containing a microphone) that may generate media content. In somecases, an authentic source (e.g., a camera) may be an integrated portionor device within another device (e.g., a camera built inside a mobilephone). As such, if a content protection system acquisition point (e.g.,the content protection agent 24) is able to positively identify that thecontent originates from such an authentic source of personal content,the acquisition point can allow the content to enter the contentprotection system 22.

The usage state applied to the personal content by the acquisition point(e.g., the content protection agent 24) may to some extent be under usercontrol, but there may be a policy enforced by the acquisition point todefine that the usage state does not allow unrestricted copying. Inother words, the content protection agent 24 may define usage parametersdefining allowable actions with respect to content submitted forinclusion in the content protection system 22. In this regard, forexample, copying of content submitted for inclusion in the contentprotection system 22 may be limited to the authorized domain of the usersubmitting the content or to the local environment. In an alternativeembodiment, an exemplary usage parameter or usage state may define anumerical limit to the number of copies that can be made of contentsubmitted for inclusion in the content protection system 22. In somecases, combinations of usage states may also be provided. One exemplaryrationale for conditioning acceptance of submitted content on theplacement of usage parameters that may restrict sharing of the submittedcontent is that if the user does not want the content to have some kindof copying restriction, there is no reason to bring the content into thecontent protection system 22 in the first place. The user is naturallyalways allowed to keep unprotected copies of personal content outsidethe content protection system 22. However, for content submitted to thecontent protection system 22 policies restricting copying may reduce thecontent laundering threat, because the restriction would hinder attemptsto illegally redistribute commercial content via the content protectionsystem 22.

To further reduce the risk of laundering commercial content with trusteddevices, even with reduced quality (for example by using a video camerato record a movie as it is played in a movie theater), digitalfingerprinting techniques like the pHash mechanism described above maybe employed to detect any commercial content uploaded to the system by aparticular user. In some cases, personal content may be kept separatefrom commercial content throughout the lifecycle of the personal contentwithin the content protection system 22 by dedicating a Compliance andRobustness Regime (C&R regime) supported by the content protectionsystem 22 to personal content. As an example, DVB CPCM Content Licensesmay have a field called “C&R regime mask”, each bit of which signalswhether the content is available under that C&R regime. Likewise, CPCMInstance Certificates may have a matching field calledC_and_R_regime_mask, which indicates which C&R regimes' content the CPCMInstance (or device) supports.

In an exemplary embodiment, an apparatus 50 is provided that may beemployed at devices performing exemplary embodiments of the presentinvention. The apparatus 50 may be embodied, for example, as any devicehosting, including, controlling or otherwise comprising the contentprotection agent 24. Thus, the apparatus 50 could be the user terminal10, when the content protection agent 24 is embodied at the userterminal 10, or the apparatus could be a server or other device of thecontent protection system 22 or the service platform 20 or of thenetwork 30 itself when the content protection agent 24 is embodied at arespective one of these entities. However, embodiments may also beembodied on a plurality of other devices such as for example whereinstances of the apparatus 50 may be embodied on both client side andserver side devices. Thus, the apparatus 50 will be described in genericterms so as to have broad application to either client side or serverside devices, As such, the apparatus 50 of FIG. 2 is merely an exampleand may include more, or in some cases less, than the components shownin FIG. 2.

Referring now to FIG. 2, an apparatus for employing content screeningfor submission of such content into a content protection system isprovided. The apparatus 50 may include or otherwise be in communicationwith a processor 70, a user interface 72, a communication interface 74and a memory device 76. The memory device 76 may include, for example,volatile and/or non-volatile memory. The memory device 76 may beconfigured to store information, data, files, applications, instructionsor the like. For example, the memory device 76 could be configured tobuffer input data for processing by the processor 70. Additionally oralternatively, the memory device 76 could be configured to storeinstructions for execution by the processor 70. As yet anotheralternative, the memory device 76 may be one of a plurality of databasesor storage locations that store information and/or media content.

The processor 70 may be embodied in a number of different ways. Forexample, the processor 70 may be embodied as various processing meanssuch as a processing element, a coprocessor, a controller or variousother processing devices including integrated circuits such as, forexample, an ASIC (application specific integrated circuit), an FPGA(field programmable gate array), a hardware accelerator, or the like. Inan exemplary embodiment, the processor 70 may be configured to executeinstructions stored in the memory device 76 or otherwise accessible tothe processor 70. As such, whether configured by hardware or softwaremethods, or by a combination thereof, the processor 70 may represent anentity capable of performing operations according to embodiments of thepresent invention while configured accordingly. Thus, for example, whenthe processor 70 is embodied as an ASIC, FPGA or the like, the processor70 may be specifically configured hardware for conducting the operationsdescribed herein. Alternatively, as another example, when the processor70 is embodied as an executor of software instructions, the instructionsmay specifically configure the processor 70, which may otherwise be ageneral purpose processing element if not for the specific configurationprovided by the instructions, to perform the algorithms and operationsdescribed herein. However, in some cases, the processor 70 may be aprocessor of a specific device (e.g., a mobile terminal) adapted foremploying embodiments of the present invention by further configurationof the processor 70 by instructions for performing the algorithms andoperations described herein.

Meanwhile, the communication interface 74 may be any means such as adevice or circuitry embodied in either hardware, software, or acombination of hardware and software that is configured to receiveand/or transmit data from/to a network and/or any other device or modulein communication with the apparatus 50. In this regard, thecommunication interface 74 may include, for example, an antenna (ormultiple antennas) and supporting hardware and/or software for enablingcommunications with a wireless communication network (e.g., network 30).In fixed environments, the communication interface 74 may alternativelyor also support wired communication. As such, the communicationinterface 74 may include a communication modem and/or otherhardware/software for supporting communication via cable, digitalsubscriber line (DSL), universal serial bus (USB), Ethernet,High-Definition Multimedia Interface (HDMI) or other mechanisms.Furthermore, the communication interface 74 may include hardware and/orsoftware for supporting communication mechanisms such as Bluetooth,Infrared, UWB, WiFi, and/or the like, which are being increasinglyemployed in connection with providing home connectivity solutions.

The user interface 72 may be in communication with the processor 70 toreceive an indication of a user input at the user interface 72 and/or toprovide an audible, visual, mechanical or other output to the user. Assuch, the user interface 72 may include, for example, a keyboard, amouse, a joystick, a display, a touch screen, a microphone, a speaker,or other input/output mechanisms. In an exemplary embodiment in whichthe apparatus is embodied as a server or some other network devices, theuser interface 72 may be limited, remotely located, or eliminated.

In an exemplary embodiment, the processor 70 may be embodied as, includeor otherwise control a content screener 78. The content screener 78,according to some embodiments, is any means such as a device orcircuitry embodied in hardware, software or a combination of hardwareand software that is configured to perform content screening functionswith respect to media content submitted for inclusion in the contentprotection system 22. In this regard, for example, the content screener78 is configured to receive an indication of personal content submittedfor inclusion in a content protection system 22 and determine whethersuch content is admissible for inclusion into the content protectionsystem 22. In an exemplary embodiment, the content screener 78 may beconfigured to determine admissibility of the personal content to thecontent protection system 22 based at least in part on indiciaassociated with a source device from which the personal contentoriginated. In other words, for example, if the source device is anauthorized source (e.g., a known device associated with a registereduser of services offered by the service platform 20), the personalcontent may be admitted to the content protection system.

In some embodiments, the content screener 78 may be configured to enableadmission of the personal content into the content protection system 22in such a way that the personal content is maintained separate fromcommercial content. As such, separate storage locations may be employed,or mechanisms may be employed to distinguish personal from commercialcontent within a single storage location (e.g., the memory device 76).

In an exemplary embodiment, the content screener 78 may further beconfigured to apply rules, for example, based on a usage state or usageparameters associated with the personal content, to govern usage,movement and/or copying of the personal content after the personalcontent is admitted to the content protection system 22. The rulesapplied by the content screener 78 may define, for example, thatunrestricted movement and copying of admitted personal content may bedone to devices associated with an authorized domain of the usersubmitting the personal content for inclusion in the content protectionsystem. However, the rules may also define that unrestricted copying ofthe personal content is not allowable for devices not associated withthe authorized domain. In an exemplary embodiment, the content screener78 may be configured to detect indicia within the personal content suchas determining whether the personal content includes a watermarkindicative of the source device or a signature indicative of a device orthe user. In some cases, the content screener 78 may also be configuredto determine whether the personal content includes a digital fingerprintassociated with known commercial content and base admissibility of thepersonal content on a comparison of the digital fingerprint of thepersonal content to that of known commercial content. In some cases,content comparisons may be performed based on a hash or perceptual hashof all or portions (in some cases random portions) of the contents beingcompared.

Accordingly, some embodiments of the present invention provide forenjoyment of protection being afforded to personal content provided by acontent protection system (e.g., DVB CPCM), while still frustratingattempts to utilize the content protection system for content launderingof commercial content.

FIG. 3 is a flowchart of a system, method and program product accordingto exemplary embodiments of the invention. It will be understood thateach block or step of the flowchart, and combinations of blocks in theflowchart, can be implemented by various means, such as hardware,firmware, and/or software including one or more computer programinstructions. For example, one or more of the procedures described abovemay be embodied by computer program instructions. In this regard, in anexample embodiment, the computer program instructions which embody theprocedures described above are stored by a memory device (e.g., memorydevice 76) and executed by a processor (e.g., the processor 70). As willbe appreciated, any such computer program instructions may be loadedonto a computer or other programmable apparatus (i.e., hardware) toproduce a machine, such that the instructions which execute on thecomputer or other programmable apparatus create means for implementingthe functions specified in the flowchart block(s) or step(s). In someembodiments, the computer program instructions are stored in acomputer-readable memory that can direct a computer or otherprogrammable apparatus to function in a particular manner, such that theinstructions stored in the computer-readable memory produce an articleof manufacture including instruction means which implement the functionspecified in the flowchart block(s) or step(s). The computer programinstructions may also be loaded onto a computer or other programmableapparatus to cause a series of operational steps to be performed on thecomputer or other programmable apparatus to produce acomputer-implemented process such that the instructions which execute onthe computer or other programmable apparatus provide steps forimplementing the functions specified in the flowchart block(s) orstep(s).

Accordingly, blocks or steps of the flowchart support combinations ofmeans for performing the specified functions, combinations of steps forperforming the specified functions and program instruction means forperforming the specified functions. It will also be understood that oneor more blocks or steps of the flowchart, and combinations of blocks orsteps in the flowchart, can be implemented by special purposehardware-based computer systems which perform the specified functions orsteps, or combinations of special purpose hardware and computerinstructions.

In this regard, one embodiment of a method for providing a contentprotection system for protecting personal content as provided in FIG. 3may include receiving an indication of personal content submitted forinclusion in a content protection system at operation 100, anddetermining admissibility of the personal content to the contentprotection system based at least in part on indicia associated with asource device from which the personal content originated at operation110.

In some embodiments, the method may include further optional operations,examples of which are shown in dashed lines in FIG. 3. Optionaloperations may be performed in any order and/or in combination with eachother in various alternative embodiments. As such, for example, themethod may further include enabling admission of the personal contentinto the content protection system and maintaining the personal contentseparate from commercial content at operation 120. Additionally oralternatively, the method may include enabling unrestricted movement andcopying of admitted personal content to devices associated with anauthorized domain of a user submitting the personal content forinclusion in the content protection system at operation 130.

In some embodiments, certain ones of the operations above may bemodified or further amplified as described below. It should beappreciated that each of the modifications or amplifications below maybe included with the operations above either alone or in combinationwith any others among the features described herein. In this regard, forexample, determining admissibility of the personal content may includedetermining whether the personal content includes a usage state definingthat unrestricted copying of the personal content is not allowable fordevices not associated with an authorized domain of a user submittingthe personal content for inclusion in the content protection system. Insome cases, determining admissibility of the personal content mayinclude determining whether the personal content includes a watermarkindicative of the source device or determining admissibility based on adetermination regarding whether the personal content includes a digitalfingerprint associated with known commercial content.

In an exemplary embodiment, an apparatus for performing the method ofFIG. 3 above may comprise a processor (e.g., the processor 70)configured to perform some or each of the operations (100-130) describedabove. The processor may, for example, be configured to perform theoperations (100-130) by performing hardware implemented logicalfunctions, executing stored instructions, or executing algorithms forperforming each of the operations. Alternatively, the apparatus maycomprise means for performing each of the operations described above. Inthis regard, according to an example embodiment, examples of means forperforming operations 100-130 may comprise, for example, the processor70, the content screener 78, and/or an algorithm executed by theprocessor 70 for processing information as described above.

Many modifications and other embodiments of the inventions set forthherein will come to mind to one skilled in the art to which theseinventions pertain having the benefit of the teachings presented in theforegoing descriptions and the associated drawings. Therefore, it is tobe understood that the inventions are not to be limited to the specificembodiments disclosed and that modifications and other embodiments areintended to be included within the scope of the appended claims.Moreover, although the foregoing descriptions and the associateddrawings describe exemplary embodiments in the context of certainexemplary combinations of elements and/or functions, it should beappreciated that different combinations of elements and/or functions maybe provided by alternative embodiments without departing from the scopeof the appended claims. In this regard, for example, differentcombinations of elements and/or functions than those explicitlydescribed above are also contemplated as may be set forth in some of theappended claims. Although specific terms are employed herein, they areused in a generic and descriptive sense only and not for purposes oflimitation.

What is claimed is:
 1. An apparatus comprising: at least one processorand at least one memory including computer program code, the at leastone memory and the computer program code configured to, with the atleast one processor, cause the apparatus to at least: receive anindication of personal content submitted for inclusion in a contentprotection system; determine admissibility of the personal content tothe content protection system based at least in part on indiciaassociated with a source device from which the personal contentoriginated, said indicia verifying that the personal content comes froman authentic non-commercial source; and enable admission of the personalcontent into the content protection system and maintain the personalcontent separate from commercial content.
 2. The apparatus of claim 1,wherein the processor is configured to determine admissibility of thepersonal content by determining whether the personal content includes ausage state defining that unrestricted copying of the personal contentis not allowable for devices not associated with an authorized domain ofa user submitting the personal content for inclusion in the contentprotection system.
 3. The apparatus of claim 1, wherein the processor isfurther configured to enable unrestricted movement and copying ofadmitted personal content to devices associated with an authorizeddomain of a user submitting the personal content for inclusion in thecontent protection system.
 4. The apparatus of claim 1, wherein theprocessor is configured to determine admissibility of the personalcontent by determining whether the personal content includes a watermarkindicative of the source device.
 5. The apparatus of claim 1, whereinthe processor is configured to determine admissibility of the personalcontent by determining admissibility based on a determination regardingwhether the personal content includes a digital fingerprint associatedwith known commercial content.
 6. The apparatus of claim 1, wherein theapparatus is embodied at one of the source device, a device of thecontent protection system, or a device of a service platform associatedwith content distribution services.
 7. A computer program productcomprising at least one non-transitory computer-readable storage mediumhaving computer-executable program code instructions stored therein, thecomputer-executable program code instructions comprising instructionsfor: receiving an indication of personal content submitted for inclusionin a content protection system; determining admissibility of thepersonal content to the content protection system based at least in parton indicia associated with a source device from which the personalcontent originated, said indicia verifying that the personal contentcomes from an authentic non-commercial source; and enabling admission ofthe personal content into the content protection system and maintainingthe personal content separate from commercial content.
 8. The computerprogram product of claim 7, wherein program code instructions fordetermining admissibility of the personal content include instructionsfor determining whether the personal content includes a usage statedefining that unrestricted copying of the personal content is notallowable for devices not associated with an authorized domain of a usersubmitting the personal content for inclusion in the content protectionsystem.
 9. The computer program product of claim 7, further comprisingprogram code instructions for enabling unrestricted movement and copyingof admitted personal content to devices associated with an authorizeddomain of a user submitting the personal content for inclusion in thecontent protection system.
 10. The computer program product of claim 7,wherein program code instructions for determining admissibility of thepersonal content include instructions for determining whether thepersonal content includes a watermark indicative of the source device.11. The computer program product of claim 7, wherein program codeinstructions for determining admissibility of the personal contentinclude instructions for determining admissibility based on adetermination regarding whether the personal content includes a digitalfingerprint associated with known commercial content.
 12. A methodcomprising: receiving an indication of personal content submitted forinclusion in a content protection system; determining, via a processor,admissibility of the personal content to the content protection systembased at least in part on indicia associated with a source device fromwhich the personal content originated, said indicia verifying that thepersonal content comes from an authentic non-commercial source; andenabling admission of the personal content into the content protectionsystem and maintaining the personal content separate from commercialcontent.
 13. The method of claim 12, wherein determining admissibilityof the personal content comprises determining whether the personalcontent includes a usage state defining that unrestricted copying of thepersonal content is not allowable for devices not associated with anauthorized domain of a user submitting the personal content forinclusion in the content protection system.
 14. The method of claim 12,further comprising enabling unrestricted movement and copying ofadmitted personal content to devices associated with an authorizeddomain of a user submitting the personal content for inclusion in thecontent protection system.
 15. The method of claim 12, whereindetermining admissibility of the personal content comprises determiningwhether the personal content includes a watermark indicative of thesource device.
 16. The method of claim 12, wherein determiningadmissibility of the personal content comprises determiningadmissibility based on a determination regarding whether the personalcontent includes a digital fingerprint associated with known commercialcontent.
 17. An apparatus comprising: means for receiving an indicationof personal content submitted for inclusion in a content protectionsystem; means for determining admissibility of the personal content tothe content protection system based at least in part on indiciaassociated with a source device from which the personal contentoriginated, said indicia verifying that the personal content comes froman authentic non-commercial source; and means for enabling admission ofthe personal content into the content protection system and maintainingthe personal content separate from commercial content.